Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Tools for voicemail testing?
From: Alexandre Bezroutchko <pentest7 () scanit be>
Date: Tue, 03 Jun 2003 15:15:19 +0200

 Hi,

I have some custom tools (hardware and software) I use in voice-mail audits. It allows to automate pretty much any dialogue with voice mail systems. You capture audio samples from the target voice mail system and then write a Perl script using external library which
implements function such as audio pattern recognition.

For example, algorithms similar to one below (I do not have access to the original veresion right now) was tested on several voice mail systems and gave very impressive results -- full keyspace search (4 digits) in 15 hours. Apparently, it is much faster than most people think
is possible ;).

---------------------------------------------------------------------
for(;;) {
  hangup
  dial $voicemail_number

  wait_for "voicemail_prompt.pat"
  send dmtf "*"

 for(;;) {
   $pin = get_new_pin_from_dictionary()

   wait for "enter_your_pin_code.pat"
   send dtmf $pin

   $answer = wait for "invalid_pin.pat", "hangup.pat"
   last if $answer eq "hangup.pat"
   next if $answer eq "invalid_pin.pat"

   print "Suspicious pin code '$pin\n"
   last;
 }
}
---------------------------------------------------------------------

Similar techniques can be used to automatically traverse through
voice mail menu tree, sending strange sequences of DTMF (or some other)
tones to the system and analyse responce.

I have developed it for in-house use. We do not give it away for free, but it is not a commercial-grade software either. If you are interested, contact me and we can discuss licensing terms.

--
Alexandre Bezroutchko
Scanit n.v., Belgium
http://www.scanit.be/

-------- Original Message --------
Subject: Tools for voicemail testing?
Date: Sun, 1 Jun 2003 23:26:56 -0700 (PDT)
From: "Todd A. Jacobs" <tjacobs-keyword-ptest01.f946df () codegnome org>
To: pen-test () securityfocus com

I've been Googling for about four hours tonight, and haven't been able to
turn up any current tools for performing brute-force attacks on voicemail
boxes. Does anyone know of any FOSS or commercial tools for performing
this sort of test?

--
The DMCA is anti-consumer. The RIAA has no right to rewrite copyright
laws to suit themselves.



---------------------------------------------------------------------------
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]